Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-4703Sensitive Information Exposure in Apache Tomcat

CWE-200Sensitive Information Exposure5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
18.3%
top 4.77%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Apache Tomcat
Timeline
PublishedDec 31
Latest updateMay 1

Description

Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/tomcat4.0.3

🔴Vulnerability Details

3
OSV
Apache Tomcat Discloses MS-DOS Pathname2022-05-01
GHSA
Apache Tomcat Discloses MS-DOS Pathname2022-05-01
CVEList
CVE-2005-4703: Apache Tomcat 42006-02-01

💥Exploits & PoCs

1
Exploit-DB
Apache Tomcat 4.0.3 - Requests Containing MS-DOS Device Names Information Disclosure2005-10-14
CVE-2005-4703 — Sensitive Information Exposure | cvebase